Canonical Ubuntu Linux vulnerabilities

4,102 known vulnerabilities affecting canonical/ubuntu_linux.

Total CVEs: 4,102
CISA KEV: 44 (actively exploited)
Public exploits: 271
Exploited in wild: 54
Severity breakdown: CRITICAL 545, HIGH 1396, MEDIUM 1945, LOW 216

Vulnerabilities

Page 23 of 206
CVE-2019-15793 | HIGH | CVSS 8.8 | PoC | v18.04, v19.04 | 2020-04-24
CWE-538: In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. This result
nvd
CVE-2019-15792 | HIGH | CVSS 7.8 | PoC | v18.04, v19.04 | 2020-04-24
CWE-843: In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd), then without further checks passes the resulting file* into shiftfs_real_fdget(), which casts file->private_data, a void* that points to a filesystem-dependent type, to a "struct shiftfs_file_info
nvd
CVE-2019-15791 | HIGH | CVSS 7.8 | PoC | v18.04, v19.04 | 2020-04-24
CWE-672: In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() installs an fd referencing a file from the lower filesystem without taking an additional reference to that file. After the btrfs ioctl completes this fd is closed, which then puts a reference to that file, leading to
nvd
CVE-2020-12137 | MEDIUM | CVSS 6.1 | v16.04, v18.04 | 2020-04-24
CWE-79: GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, a
nvd
CVE-2019-15794 | MEDIUM | CVSS 6.7 | PoC | v18.04, v19.10 | 2020-04-24
CWE-672: Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On upstream kernels this is not an issue, as no callers dere
nvd
CVE-2019-20788 | CRITICAL | CVSS 9.8 | v14.04, v16.04, +2 more | 2020-04-23
libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.
nvd
CVE-2020-11945 | CRITICAL | CVSS 9.8 | v16.04, v18.04, +2 more | 2020-04-23
CWE-190: An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead o
nvd
CVE-2020-1760 | MEDIUM | CVSS 6.1 | v16.04, v18.04 | 2020-04-23
CWE-79: A flaw was found in the Ceph Object Gateway, where it supports requests sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.
nvd
CVE-2020-12059 | HIGH | CVSS 7.5 | v16.04, v18.04 | 2020-04-22
CWE-476: An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.
nvd
CVE-2020-12066 | HIGH | CVSS 7.5 | v20.04 | 2020-04-22
CWE-20: CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server.
nvd
CVE-2020-1983 | MEDIUM | CVSS 6.5 | v16.04, v18.04, +2 more | 2020-04-22
CWE-416: A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.
nvd
CVE-2020-8831 | MEDIUM | CVSS 5.5 | v14.04, v16.04, +2 more | 2020-04-22
CWE-379: Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker w
nvd
CVE-2020-8833 | MEDIUM | CVSS 4.7 | v14.04, v16.04, +2 more | 2020-04-22
CWE-367: Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash files of size 0. A symlink with the same name as the de
nvd
CVE-2020-11008 | HIGH | CVSS 7.5 | v16.04, v18.04, +1 more | 2020-04-21
CWE-20: Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260 (GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses ext
nvd
CVE-2020-11958 | HIGH | CVSS 7.8 | v19.10, v20.04 | 2020-04-21
CWE-787: re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme.
nvd
CVE-2019-7306 | HIGH | CVSS 7.5 | v12.04, v14.04, +4 more | 2020-04-17
CWE-552: Byobu Apport hook may disclose sensitive information since it automatically uploads the local user's .screenrc which may contain private hostnames, usernames and passwords. This issue affects: byobu
nvd
CVE-2020-11793 | HIGH | CVSS 8.8 | v18.04, v19.10 | 2020-04-17
CWE-416: A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).
nvd
CVE-2020-1751 | HIGH | CVSS 7.0 | v16.04, v18.04, +1 more | 2020-04-17
CWE-787: An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.
nvd
CVE-2020-0067 | MEDIUM | CVSS 4.4 | v14.04, v16.04, +3 more | 2020-04-17
CWE-125: In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120551147.
nvd
CVE-2019-12524 | CRITICAL | CVSS 9.8 | v16.04, v18.04 | 2020-04-15
CWE-306: An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex
nvd